Prilock Security Training Blog

Hacker is Using MikroTik Routers to Eavesdrop

Do you have a MikroTik router? Are you keeping it up to date? A hacker has been exploiting vulnerable, outdated MikroTik routers to secretly eavesdrop on internet traffic.

According to the security researchers at Qihoo 360’s Netlab, a hacker has been actively channeling the internet traffic from over 7,500 vulnerable MikroTik routers around the globe to servers under the hacker’s control.

The threat may expand, warned Netlab, as the hacker has also set up a comparable data-forwarding protocol, SOCKS4, on another 239,000 MikroTik routers.

The reason for the data collection is unknown, but the hacker seems to be harvesting File Transfer Protocol (FTP) data as well as messaging and email traffic over SMTP, POP3, and IMAP.

“It is hard to say what the attacker is up to with these many SOCKS4 proxies but we think this is something significant,” Netlab disclosed in a report.

The hacker is able to exploit these devices only because of a known vulnerability in MikroTik's router software, which allows remote administrative access to the device. A security patch was released in April, but about 370,000 devices remained unpatched.

One of Prilock’s major security tips is to keep your software up to date. This tip applies to all devices, and this is a perfect example of why you should!